Privacy PerspectiveProtecting the Grid and Consumer Data: Cyber Security and Privacy
Lillie ConeyAssociate Director
Electronic Privacy Information Center
Privacy Rights Under Pressure
Innovations in technology: photography, audio recording, motion pictures, computers, telecommunications, digital data, networking of databases
New business and government practices Record keeping, collection and use of
personal information, data mining, networking of informational data on persons
What is Privacy?
Constitutionally Protected Rights US Constitution: First Amendment, Fourth Amendment,
and Fifth Amendment; United Nations Declaration of Human Rights Article 12
It is the ability to control over who, when, why, and how personal information may be accessed or used by others
It is also an intangible property right It is enforced by Fair Information Practices found in
Federal, State, and International Law Federal Privacy Act OECD Privacy Guidelines Canadian Privacy Act
Smart Grid and Privacy
Smart Grid Will trigger reflection on use of data collected,
legal limitations, regulations, and public debate about privacy
May expose information once only known by those within a home or business to others
Cause struggles over control of Smart Grid electricity consumption information
Can Smart Grid information threaten privacy rights? YES!
Cyber Security and Privacy
Smart Grid design can either protect or fail to protect privacy and security
Privacy rights must be defined by the full complement of Fair Information Practices
How Cyber Security is defined will determine the degree to which electricity consumers may control who, when, why, and how someone may have access to information. Defining cyber security Defining cyber security threats Establishing due process protocols within utilities and
Smart Grid service providers routine business operations
Transparency is Key to Customer Trust in the Grid
Sunlight is said to be the best of disinfectants; electric light the most efficient policeman. Louis Brandeis, Harper's Weekly, Dec 20 1913 Customers must have more than notice and choice Customers should be empowered to make
decisions about electricity consumption management options
Customers must have real redress options if their personal information or electricity consumption information is abused or misused
Law-enforcement Access must be restricted to court managed processes. (No secret courts or national security letters)
Smart Grid Fair Information Practices Data collection limitations
Data use limitations
Data must be protected by information holders
Data holders must comply with privacy principle guidelines
Data subject must have access to information on who has had access to their information Correction, due process adjudication, confirm
accuracy, and use agreement
EPIC.org
Electronic Privacy Information Center (EPIC)
http://epic.org/
Top Related